Using a Juniper SSL VPN on Ubuntu

Juniper’s SSL-based VPNs are wonderfully easy to use. Windows and OS X users simply sign into the VPN website, click Connect, install the Java-based app (if it’s the first time) and are good to go. On the Linux side, it seems Juniper didn’t quite expend the effort to make it so easy. I’ve heard it works fine on RPM-based distros, but it doesn’t work on Ubuntu without some preparation. The steps below are what I needed to do to get it working. This tutorial got me part of the way, so if you run into issues you might want to check it out.

Here’s what I had to do the first time:

  • Set up the Sun Java Runtime Environment and configure the system to use it. This guide explains how to do this.
  • Set up the Firefox Java plugin. You’ve probably already done this, but check this page if not.
  • Ubuntu doesn’t have a password on the root account or enable it by default. However, the install will ask for root’s password. Your sudo password will not work, as the install script dumbly switches to the root user. So set it beforehand (“sudo passwd root”) and remember it.

At this point I was able to log in to the VPN site, click Connect, and complete the install. After the app installs, if all goes well, you should see something like this:

[Screenshot: vpn]

[EDIT, 2010-01-23: Commenter Jld9za helpfully reports that on Ubuntu 9.10 the following DNS and continual re-install issues aren't encountered. If you are on 9.10 or later you should be good at this point. If not, keep reading.]

Once I was connected, I could sign into things over the VPN by IP but not by name. This was due to the VPN install adding an entry to /etc/resolv.conf after my current nameserver entry. This was /etc/resolv.conf before connecting to the VPN:

# Generated by NetworkManager
domain home
search home
nameserver 192.168.1.1

And after:

search home MYCOOLDOMAIN.loc
nameserver 192.168.1.1
nameserver 10.175.211.10

Once I switched the VPN entry to be first, all worked fine:

search home MYCOOLDOMAIN.loc
nameserver 10.175.211.10
nameserver 192.168.1.1

You have to remember to switch the nameserver order in /etc/resolv.conf every time you connect. This is fairly annoying, but I haven’t found a way around it yet.
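The manual swap described above can be scripted. This is an added example, not part of the original post or of Juniper's client; the function name promote_nameserver is hypothetical, and the address in the usage comment is the VPN resolver shown in the post.

```shell
#!/bin/sh
# promote_nameserver FILE IP
# Move "nameserver IP" to the top of the nameserver list in FILE,
# leaving every other line (search, domain, other resolvers) in order.
# Hypothetical helper written for this example.
promote_nameserver() {
    file=$1
    ip=$2

    # Only act if the VPN client has already added the resolver. This
    # avoids inserting an internal DNS server while the tunnel is down.
    if ! awk -v ip="$ip" '$1 == "nameserver" && $2 == ip { found = 1 }
                          END { exit !found }' "$file"; then
        echo "nameserver $ip not present in $file; leaving it unchanged" >&2
        return 1
    fi

    tmp=$(mktemp) || return 1
    if ! awk -v ip="$ip" '
        # Drop the VPN resolver from wherever it currently sits.
        $1 == "nameserver" && $2 == ip { next }
        # Emit it immediately before the first remaining nameserver line.
        $1 == "nameserver" && !done { print "nameserver " ip; done = 1 }
        { print }
        # It was the only resolver listed: put it back at the end.
        END { if (!done) print "nameserver " ip }
    ' "$file" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    # Overwrite in place so the file keeps its owner, mode and any symlink.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Usage (as root, after the VPN has connected):
#   promote_nameserver /etc/resolv.conf 10.175.211.10
```

The function is idempotent, so it is safe to run after every connect; the file is rewritten by the VPN client on each connection, so the reordering does not persist between sessions.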

There is one other problem with this setup. You have to put in the root password every time you connect, because it claims it has to reinstall a service each time. This is the popup that appears after hitting connect every time after the initial install:

[Screenshot: vpn-reinstall]

Taking a look inside the script referenced (~/.juniper_networks/network_connect/installNC.sh):

if [ -e "$1/ncsvc" ]
then
    echo "Service needs to be reinstalled."
else
    echo "Service needs to be installed for the first time."
fi

After I installed the client for the first time, ~/.juniper_networks/network_connect/ncsvc did exist. This is what prompts the re-install each time. I’m not sure why they have to initialize this every single time. I thought I could get around it by changing installNC.sh, but it gets recreated every time you click Connect. So currently you have to type in your root password for each connection.


3 Responses to Using a Juniper SSL VPN on Ubuntu

  1. Jld9za says:

    Thanks for the tip – for me the password for root was the last step I needed. On my setup (Ubuntu 9.1 and the latest Juniper SSL software (6.5) on the gateway box) the last two problems didn’t occur. The VPN entries are inserted in resolv.conf before the original ones, and it doesn’t seem to prompt for the re-install each time I connect either. I also had to uninstall the 6.16 Ubuntu versions of Java to get the Java plugin to install (as it needed 6.15 Java) using Synaptic package manager.

  2. Johnny says:

    Thanks a lot for sharing; this information has really proven to be helpful. I really enjoy reading easy articles leading straight to the point.

  3. @Jld9za Thanks for the update! I haven’t tried it on the latest Ubuntu versions as we moved to a different VPN solution at my workplace. I’ve updated the post to reflect your findings.
